BUG/MINOR: quic: Malforme probing packet with already acked frames

If a packet building was asked to probe the peer with frames which have just
been acked, the frames building run by qc_build_frms() could be cancelled returning
0 by qc_stream_frm_is_acked() which ckeck that these frames have been already
acknowledged. In this case the packet building run by qc_do_build_pkt() is not
interrupted, leading to the build of an empty packet which should be ack-eliciting.
This is a bug detected by the BUG_ON() statement in qc_do_build_pk():

	    BUG_ON(qel->pktns->tx.pto_probe &&
           !(pkt->flags & QUIC_FL_TX_PACKET_ACK_ELICITING));

Thank you to @Tristan971 for having reported this issue in GH #2709

This is an old bug which must be backported as far as 2.6.

Author: haproxyFred

src/quic_tx.c

@@ -2010,7 +2010,20 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 				goto comp_pkt_len;
 			}
 
-			if (!ack_frm_len && !qel->pktns->tx.pto_probe)
+			if (qel->pktns->tx.pto_probe) {
+				/* If a probing packets was asked and could not be built,
+				 * this is not because there was not enough room, but due to
+				 * its frames which were already acknowledeged.
+				 * (see qc_stream_frm_is_acked()) called by qc_build_frms().
+				 *
+				 * That said, the consequence must be the same: cancelling
+				 * the packet building as if there was not enough room.
+				 */
+				 qel->pktns->tx.pto_probe--;
+				 goto no_room;
+			}
+
+			if (!ack_frm_len)
 				goto no_room;
 		}
 	}